{"id":86250,"date":"2019-01-15T16:00:48","date_gmt":"2019-01-15T14:00:48","guid":{"rendered":"https:\/\/www.javacodegeeks.com\/?p=86250"},"modified":"2019-01-16T09:12:35","modified_gmt":"2019-01-16T07:12:35","slug":"certificate-transparency-verification-java","status":"publish","type":"post","link":"https:\/\/www.javacodegeeks.com\/2019\/01\/certificate-transparency-verification-java.html","title":{"rendered":"Certificate Transparency Verification in Java"},"content":{"rendered":"<p>So I had this naive idea that it would be easy to do certificate transparency verification as part of each request in addition to certificate validity checks (in Java).<\/p>\n<p>With half of the weekend sacrificed, I can attest it\u2019s not that trivial. But what is <a href=\"https:\/\/www.certificate-transparency.org\/\">certificate transparency<\/a>? In short \u2013 it\u2019s a publicly available log of all TLS certificates in the world (which are still called SSL certificates even though SSL is obsolete). You can check if a log is published in that log and if it\u2019s not, then something is suspicious, as CAs have to push all of their issued certificates to the log. There are other use-cases, for example registering for notifications for new certificates for your domains to detect potentially hijacked DNS admin panels or CAs (<a href=\"https:\/\/developers.facebook.com\/tools\/ct\/\">Facebook offers such a tool for free<\/a>).<\/p>\n<p>What I wanted to do is the former \u2013 make each request from a Java application verify the other side\u2019s certificate in the certificate transparency log. It seems that this is not available out of the box (if it is, I couldn\u2019t find it. <a href=\"http:\/\/mail.openjdk.java.net\/pipermail\/security-dev\/2015-May\/012157.html\">In one discussion<\/a> about JEP 244 it seems that the TLS extension related to certificate transparency was discussed, but I couldn\u2019t find whether it\u2019s supported in the end).<\/p>\n<p>I started by thinking you could simply get the certificate, and check its inclusion in the log by the fingerprint of the certificate. That would\u2019ve been too easy \u2013 the logs to allow for checking by hash, however it\u2019s not the fingerprint of a certificate, but instead a signed certificate timestamp \u2013 a signature issued by the log prior to inclusion. To quote the <a href=\"https:\/\/tools.ietf.org\/html\/rfc6962\">CT RFC<\/a>:<\/p>\n<p><i><br \/>\nThe SCT (signed certificate timestamp) is the log\u2019s promise to incorporate the certificate in the Merkle Tree<br \/>\n<\/i><\/p>\n<p>A <a href=\"http:\/\/www.certificate-transparency.org\/log-proofs-work\">merkle tree<\/a> is a very cool data structure that allows external actors to be convinced that something is within the log by providing an \u201cinclusion proof\u201d which is much shorter than the whole log (thus saving a lot of bandwidth). In fact the coolness of merkle trees is why I was interested in certificate transparency in the first place (as we use merkle trees in my <a href=\"https:\/\/logsentinel.com\/sentinel-trails\/\">current log-oriented company<\/a>)<\/p>\n<p>So, in order to <a href=\"http:\/\/www.certificate-transparency.org\/getting-started#TOC-Verifying-SCTs\">check for inclusion<\/a>, you have to somehow obtain the SCT. I initially thought it would be possible with the <a href=\"https:\/\/github.com\/google\/certificate-transparency-java\">Certificate Transparency Java library<\/a>, but you can\u2019t. Once you have it, you can use the client to check it in the log, but obtaining it is harder. (Note: for server-side verification it\u2019s fine to query the log via HTTP; <a href=\"https:\/\/github.com\/google\/certificate-transparency-rfcs\/blob\/master\/dns\/draft-ct-over-dns.md\">browsers, however, use DNS queries<\/a> in order to preserve the anonymity of users).<div style=\"display:inline-block; margin: 15px 0;\"> <div id=\"adngin-JavaCodeGeeks_incontent_video-0\" style=\"display:inline-block;\"><\/div> <\/div><\/p>\n<p>Obtaining the SCT can be done in <a href=\"https:\/\/www.certificate-transparency.org\/how-ct-works\">three ways<\/a>, depending on what the server and\/or log and\/or CA have chosen to support: the SCT can be included in the certificate, or it can be provided as a TLS extension during the TLS handshake, or can be included in the TLS stapling response, again during the handshake. Unfortunately, the few certificates that I checked didn\u2019t have the SCT stored within them, so I had to go to a lower level and debug the TLS handshake.<\/p>\n<p>I enabled TLS hadnshake <a href=\"https:\/\/blogs.oracle.com\/java-platform-group\/diagnosing-tls,-ssl,-and-https\">verbose output<\/a>, and lo and behold \u2013 there was nothing there. Google does include SCTs as a TLS extension (according to Qualys), but the Java output didn\u2019t say anything about it.<\/p>\n<p>Fortunately (?) Google has released <a href=\"https:\/\/github.com\/google\/conscrypt\">Conscrypt<\/a> \u2013 a Java security provider based Google\u2019s fork of OpenSSL. Things started to get messy\u2026but I went for it, included Conscrypt and registered it as a security provider. I had to make a connection using the Conscrypt TrustManager (initialized with all the trusted certs in the JDK):<\/p>\n<pre class=\"brush:java\">KeyStore trustStore = KeyStore.getInstance(\"JKS\");\ntrustStore.load(new FileInputStream(System.getenv(\"JAVA_HOME\") + \"\/lib\/security\/cacerts\"), \"changeit\".toCharArray());\nctx.init(null,new TrustManager[] {new TrustManagerImpl(trustStore, \n    null, null, null, logStore, null, \n    new StrictCTPolicy())}, new SecureRandom());\n        \n\nURL url = new URL(\"https:\/\/google.com\");\nHttpsURLConnection conn = (HttpsURLConnection) url.openConnection();\nconn.setSSLSocketFactory(ctx.getSocketFactory());\nconn.connect();\nconn.getInputStream();\nconn.disconnect();<\/pre>\n<p>And of course it didn\u2019t work initially, because Conscrypt doesn\u2019t provide implementations of some core interfaces needed \u2013 the CTLogStore and CTPolicy classes. The CTLogStore actually is the important bit that holds information about all the known logs (I still find it odd to call a \u201clog provider\u201d simply \u201clog\u201d, but that\u2019s the accepted terminology). There is a <a href=\"http:\/\/www.certificate-transparency.org\/known-logs\">list of known logs<\/a>, in <a href=\"https:\/\/www.gstatic.com\/ct\/log_list\/log_list.json\">JSON form<\/a>, which is cool, except it took me a while to figure (with external help) what are exactly those public keys. What are they \u2013 RSA, ECC? How are they encoded? You can\u2019t find that in the RFC, nor in the documentation. It can be <a href=\"https:\/\/support.apple.com\/en-om\/HT209255\">seen here<\/a> that it\u2019s \u201d DER encoding of the SubjectPublicKeyInfo ASN.1 structure \u201c. Ugh.<\/p>\n<p>BouncyCastle to the rescue. My relationship with BouncyCastle is a love-hate one. I hate how unintuitive it is and how convoluted its APIs are, but I love that it has (almost) everything cryptography-related that you may ever need. After some time wasted with trying to figure how exactly to get that public key converted to a PublicKey object, I found that using <code>PublicKeyFactory.createKey(Base64.getDecoder().decode(base64Key));<\/code> gives you the parameters of whatever algorithm is used \u2013 it can return Elliptic curve key parameters or RSA key parameters. You just have to then wrap them in another class and pass them to another factory (typical BouncyCastle), and hurray, you have the public key.<\/p>\n<p>Of course now Google\u2019s Conscrypt didn\u2019t work again, because after the transformations the publicKey\u2019s encoded version was not identical to the original bytes, and so the log ID calculation was wrong. But I fixed that by some reflection, and finally, it worked \u2013 the certificate transparency log was queried and the certificate was shown to be valid and properly included in the log.<\/p>\n<p><a href=\"https:\/\/gist.github.com\/Glamdring\/c45cc06cb2e8a2d20badc4473e2e3772\">The whole code can be found here<\/a>. And yes, it uses several security providers, some odd BouncyCastle APIs and some simple implementations that are missing in Google\u2019s provider. Known certificates may be cached so that repeated calls to the log are not performed, but that\u2019s beyond the scope of my experiment.<\/p>\n<p>Certificate transparency seems like a thing that\u2019s core to the internet nowadays. And yet, it\u2019s so obscure and hard to work with.<\/p>\n<p>Why the type of public key in the list is not documented (they should at least put an OID next to the public key, because as it turns out, not all logs use elliptic curves \u2013 two of them use RSA). Probably there\u2019s a good explanation, but why include the SCT in the log rather than the fingerprint of the certificate? Why not then mandate inclusion of the SCT in the certificate, which would require no additional configuration of the servers and clients, as opposed to including it in the TLS handshake, which does require upgrades?<\/p>\n<p>As far as I know, the certificate transparency initiative is now facing scalability issues because of the millions of Let\u2019s encrypt certificates out there. Every log (provider) should serve the whole log to everyone that requests it. It is not a trivial thing to solve, and efforts are being put in that direction, but no obvious solution is available at the moment.<\/p>\n<p>And finally, if Java doesn\u2019t have an easy way to do that, with all the crypto libraries available, I wonder what\u2019 the case for other languages. Do they support certificate transparency or they need upgrades?<\/p>\n<p>And maybe we\u2019re all good because browsers supports it, but browsers are not the only thing that makes HTTP requests. API calls are a massive use-case and if they can be hijacked, the damage can be even bigger than individual users being phished. So I think more effort should be put in two things:<br \/>\n1. improving the RFC and 2. improving the programming ecosystem. I hope this post contributes at least a little bit.<\/p>\n<div class=\"attribution\">\n<table>\n<tbody>\n<tr>\n<td>Published on Java Code Geeks with permission by Bozhidar Bozhanov, partner at our <a href=\"\/\/www.javacodegeeks.com\/join-us\/jcg\/\" target=\"_blank\" rel=\"noopener\">JCG program<\/a>. See the original article here: <a href=\"https:\/\/techblog.bozho.net\/certificate-transparency-verification-in-java\/\" target=\"_blank\" rel=\"noopener\">Certificate Transparency Verification in Java<\/a><\/p>\n<p>Opinions expressed by Java Code Geeks contributors are their own.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>So I had this naive idea that it would be easy to do certificate transparency verification as part of each request in addition to certificate validity checks (in Java). With half of the weekend sacrificed, I can attest it\u2019s not that trivial. But what is certificate transparency? In short \u2013 it\u2019s a publicly available log &hellip;<\/p>\n","protected":false},"author":55,"featured_media":112,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[8],"tags":[],"class_list":["post-86250","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-enterprise-java"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.5 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Certificate Transparency Verification in Java - Java Code Geeks<\/title>\n<meta name=\"description\" content=\"Interested to learn about instrumenting porcupine? Check our article explaining how to do certificate transparency verification in java.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.javacodegeeks.com\/2019\/01\/certificate-transparency-verification-java.html\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Certificate Transparency Verification in Java - Java Code Geeks\" \/>\n<meta property=\"og:description\" content=\"Interested to learn about instrumenting porcupine? Check our article explaining how to do certificate transparency verification in java.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.javacodegeeks.com\/2019\/01\/certificate-transparency-verification-java.html\" \/>\n<meta property=\"og:site_name\" content=\"Java Code Geeks\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/javacodegeeks\" \/>\n<meta property=\"article:published_time\" content=\"2019-01-15T14:00:48+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2019-01-16T07:12:35+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.javacodegeeks.com\/wp-content\/uploads\/2012\/10\/enterprise-java-logo.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"150\" \/>\n\t<meta property=\"og:image:height\" content=\"150\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Bozhidar Bozhanov\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@javacodegeeks\" \/>\n<meta name=\"twitter:site\" content=\"@javacodegeeks\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Bozhidar Bozhanov\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.javacodegeeks.com\\\/2019\\\/01\\\/certificate-transparency-verification-java.html#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.javacodegeeks.com\\\/2019\\\/01\\\/certificate-transparency-verification-java.html\"},\"author\":{\"name\":\"Bozhidar Bozhanov\",\"@id\":\"https:\\\/\\\/www.javacodegeeks.com\\\/#\\\/schema\\\/person\\\/1eaacbb8d159c99fd32e6b51198a1e79\"},\"headline\":\"Certificate Transparency Verification in Java\",\"datePublished\":\"2019-01-15T14:00:48+00:00\",\"dateModified\":\"2019-01-16T07:12:35+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.javacodegeeks.com\\\/2019\\\/01\\\/certificate-transparency-verification-java.html\"},\"wordCount\":1299,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/www.javacodegeeks.com\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.javacodegeeks.com\\\/2019\\\/01\\\/certificate-transparency-verification-java.html#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.javacodegeeks.com\\\/wp-content\\\/uploads\\\/2012\\\/10\\\/enterprise-java-logo.jpg\",\"articleSection\":[\"Enterprise Java\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.javacodegeeks.com\\\/2019\\\/01\\\/certificate-transparency-verification-java.html#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.javacodegeeks.com\\\/2019\\\/01\\\/certificate-transparency-verification-java.html\",\"url\":\"https:\\\/\\\/www.javacodegeeks.com\\\/2019\\\/01\\\/certificate-transparency-verification-java.html\",\"name\":\"Certificate Transparency Verification in Java - Java Code Geeks\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.javacodegeeks.com\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.javacodegeeks.com\\\/2019\\\/01\\\/certificate-transparency-verification-java.html#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.javacodegeeks.com\\\/2019\\\/01\\\/certificate-transparency-verification-java.html#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.javacodegeeks.com\\\/wp-content\\\/uploads\\\/2012\\\/10\\\/enterprise-java-logo.jpg\",\"datePublished\":\"2019-01-15T14:00:48+00:00\",\"dateModified\":\"2019-01-16T07:12:35+00:00\",\"description\":\"Interested to learn about instrumenting porcupine? Check our article explaining how to do certificate transparency verification in java.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.javacodegeeks.com\\\/2019\\\/01\\\/certificate-transparency-verification-java.html#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.javacodegeeks.com\\\/2019\\\/01\\\/certificate-transparency-verification-java.html\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.javacodegeeks.com\\\/2019\\\/01\\\/certificate-transparency-verification-java.html#primaryimage\",\"url\":\"https:\\\/\\\/www.javacodegeeks.com\\\/wp-content\\\/uploads\\\/2012\\\/10\\\/enterprise-java-logo.jpg\",\"contentUrl\":\"https:\\\/\\\/www.javacodegeeks.com\\\/wp-content\\\/uploads\\\/2012\\\/10\\\/enterprise-java-logo.jpg\",\"width\":150,\"height\":150,\"caption\":\"java-interview-questions-answers\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.javacodegeeks.com\\\/2019\\\/01\\\/certificate-transparency-verification-java.html#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.javacodegeeks.com\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Java\",\"item\":\"https:\\\/\\\/www.javacodegeeks.com\\\/category\\\/java\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Enterprise Java\",\"item\":\"https:\\\/\\\/www.javacodegeeks.com\\\/category\\\/java\\\/enterprise-java\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"Certificate Transparency Verification in Java\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.javacodegeeks.com\\\/#website\",\"url\":\"https:\\\/\\\/www.javacodegeeks.com\\\/\",\"name\":\"Java Code Geeks\",\"description\":\"Java Developers Resource Center\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.javacodegeeks.com\\\/#organization\"},\"alternateName\":\"JCG\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.javacodegeeks.com\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.javacodegeeks.com\\\/#organization\",\"name\":\"Exelixis Media P.C.\",\"url\":\"https:\\\/\\\/www.javacodegeeks.com\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.javacodegeeks.com\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.javacodegeeks.com\\\/wp-content\\\/uploads\\\/2022\\\/06\\\/exelixis-logo.png\",\"contentUrl\":\"https:\\\/\\\/www.javacodegeeks.com\\\/wp-content\\\/uploads\\\/2022\\\/06\\\/exelixis-logo.png\",\"width\":864,\"height\":246,\"caption\":\"Exelixis Media P.C.\"},\"image\":{\"@id\":\"https:\\\/\\\/www.javacodegeeks.com\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/javacodegeeks\",\"https:\\\/\\\/x.com\\\/javacodegeeks\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.javacodegeeks.com\\\/#\\\/schema\\\/person\\\/1eaacbb8d159c99fd32e6b51198a1e79\",\"name\":\"Bozhidar Bozhanov\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.javacodegeeks.com\\\/wp-content\\\/uploads\\\/2022\\\/12\\\/bozhidar.bozhanov.jpg\",\"url\":\"https:\\\/\\\/www.javacodegeeks.com\\\/wp-content\\\/uploads\\\/2022\\\/12\\\/bozhidar.bozhanov.jpg\",\"contentUrl\":\"https:\\\/\\\/www.javacodegeeks.com\\\/wp-content\\\/uploads\\\/2022\\\/12\\\/bozhidar.bozhanov.jpg\",\"caption\":\"Bozhidar Bozhanov\"},\"description\":\"Senior Java developer, one of the top stackoverflow users, fluent with Java and Java technology stacks - Spring, JPA, JavaEE, as well as Android, Scala and any framework you throw at him. creator of Computoser - an algorithmic music composer. Worked on telecom projects, e-government and large-scale online recruitment and navigation platforms.\",\"sameAs\":[\"http:\\\/\\\/techblog.bozho.net\\\/\"],\"url\":\"https:\\\/\\\/www.javacodegeeks.com\\\/author\\\/bozhidar-bozhanov\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Certificate Transparency Verification in Java - Java Code Geeks","description":"Interested to learn about instrumenting porcupine? Check our article explaining how to do certificate transparency verification in java.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.javacodegeeks.com\/2019\/01\/certificate-transparency-verification-java.html","og_locale":"en_US","og_type":"article","og_title":"Certificate Transparency Verification in Java - Java Code Geeks","og_description":"Interested to learn about instrumenting porcupine? Check our article explaining how to do certificate transparency verification in java.","og_url":"https:\/\/www.javacodegeeks.com\/2019\/01\/certificate-transparency-verification-java.html","og_site_name":"Java Code Geeks","article_publisher":"https:\/\/www.facebook.com\/javacodegeeks","article_published_time":"2019-01-15T14:00:48+00:00","article_modified_time":"2019-01-16T07:12:35+00:00","og_image":[{"width":150,"height":150,"url":"https:\/\/www.javacodegeeks.com\/wp-content\/uploads\/2012\/10\/enterprise-java-logo.jpg","type":"image\/jpeg"}],"author":"Bozhidar Bozhanov","twitter_card":"summary_large_image","twitter_creator":"@javacodegeeks","twitter_site":"@javacodegeeks","twitter_misc":{"Written by":"Bozhidar Bozhanov","Est. reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.javacodegeeks.com\/2019\/01\/certificate-transparency-verification-java.html#article","isPartOf":{"@id":"https:\/\/www.javacodegeeks.com\/2019\/01\/certificate-transparency-verification-java.html"},"author":{"name":"Bozhidar Bozhanov","@id":"https:\/\/www.javacodegeeks.com\/#\/schema\/person\/1eaacbb8d159c99fd32e6b51198a1e79"},"headline":"Certificate Transparency Verification in Java","datePublished":"2019-01-15T14:00:48+00:00","dateModified":"2019-01-16T07:12:35+00:00","mainEntityOfPage":{"@id":"https:\/\/www.javacodegeeks.com\/2019\/01\/certificate-transparency-verification-java.html"},"wordCount":1299,"commentCount":0,"publisher":{"@id":"https:\/\/www.javacodegeeks.com\/#organization"},"image":{"@id":"https:\/\/www.javacodegeeks.com\/2019\/01\/certificate-transparency-verification-java.html#primaryimage"},"thumbnailUrl":"https:\/\/www.javacodegeeks.com\/wp-content\/uploads\/2012\/10\/enterprise-java-logo.jpg","articleSection":["Enterprise Java"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.javacodegeeks.com\/2019\/01\/certificate-transparency-verification-java.html#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.javacodegeeks.com\/2019\/01\/certificate-transparency-verification-java.html","url":"https:\/\/www.javacodegeeks.com\/2019\/01\/certificate-transparency-verification-java.html","name":"Certificate Transparency Verification in Java - Java Code Geeks","isPartOf":{"@id":"https:\/\/www.javacodegeeks.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.javacodegeeks.com\/2019\/01\/certificate-transparency-verification-java.html#primaryimage"},"image":{"@id":"https:\/\/www.javacodegeeks.com\/2019\/01\/certificate-transparency-verification-java.html#primaryimage"},"thumbnailUrl":"https:\/\/www.javacodegeeks.com\/wp-content\/uploads\/2012\/10\/enterprise-java-logo.jpg","datePublished":"2019-01-15T14:00:48+00:00","dateModified":"2019-01-16T07:12:35+00:00","description":"Interested to learn about instrumenting porcupine? Check our article explaining how to do certificate transparency verification in java.","breadcrumb":{"@id":"https:\/\/www.javacodegeeks.com\/2019\/01\/certificate-transparency-verification-java.html#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.javacodegeeks.com\/2019\/01\/certificate-transparency-verification-java.html"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.javacodegeeks.com\/2019\/01\/certificate-transparency-verification-java.html#primaryimage","url":"https:\/\/www.javacodegeeks.com\/wp-content\/uploads\/2012\/10\/enterprise-java-logo.jpg","contentUrl":"https:\/\/www.javacodegeeks.com\/wp-content\/uploads\/2012\/10\/enterprise-java-logo.jpg","width":150,"height":150,"caption":"java-interview-questions-answers"},{"@type":"BreadcrumbList","@id":"https:\/\/www.javacodegeeks.com\/2019\/01\/certificate-transparency-verification-java.html#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.javacodegeeks.com\/"},{"@type":"ListItem","position":2,"name":"Java","item":"https:\/\/www.javacodegeeks.com\/category\/java"},{"@type":"ListItem","position":3,"name":"Enterprise Java","item":"https:\/\/www.javacodegeeks.com\/category\/java\/enterprise-java"},{"@type":"ListItem","position":4,"name":"Certificate Transparency Verification in Java"}]},{"@type":"WebSite","@id":"https:\/\/www.javacodegeeks.com\/#website","url":"https:\/\/www.javacodegeeks.com\/","name":"Java Code Geeks","description":"Java Developers Resource Center","publisher":{"@id":"https:\/\/www.javacodegeeks.com\/#organization"},"alternateName":"JCG","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.javacodegeeks.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.javacodegeeks.com\/#organization","name":"Exelixis Media P.C.","url":"https:\/\/www.javacodegeeks.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.javacodegeeks.com\/#\/schema\/logo\/image\/","url":"https:\/\/www.javacodegeeks.com\/wp-content\/uploads\/2022\/06\/exelixis-logo.png","contentUrl":"https:\/\/www.javacodegeeks.com\/wp-content\/uploads\/2022\/06\/exelixis-logo.png","width":864,"height":246,"caption":"Exelixis Media P.C."},"image":{"@id":"https:\/\/www.javacodegeeks.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/javacodegeeks","https:\/\/x.com\/javacodegeeks"]},{"@type":"Person","@id":"https:\/\/www.javacodegeeks.com\/#\/schema\/person\/1eaacbb8d159c99fd32e6b51198a1e79","name":"Bozhidar Bozhanov","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.javacodegeeks.com\/wp-content\/uploads\/2022\/12\/bozhidar.bozhanov.jpg","url":"https:\/\/www.javacodegeeks.com\/wp-content\/uploads\/2022\/12\/bozhidar.bozhanov.jpg","contentUrl":"https:\/\/www.javacodegeeks.com\/wp-content\/uploads\/2022\/12\/bozhidar.bozhanov.jpg","caption":"Bozhidar Bozhanov"},"description":"Senior Java developer, one of the top stackoverflow users, fluent with Java and Java technology stacks - Spring, JPA, JavaEE, as well as Android, Scala and any framework you throw at him. creator of Computoser - an algorithmic music composer. Worked on telecom projects, e-government and large-scale online recruitment and navigation platforms.","sameAs":["http:\/\/techblog.bozho.net\/"],"url":"https:\/\/www.javacodegeeks.com\/author\/bozhidar-bozhanov"}]}},"_links":{"self":[{"href":"https:\/\/www.javacodegeeks.com\/wp-json\/wp\/v2\/posts\/86250","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.javacodegeeks.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.javacodegeeks.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.javacodegeeks.com\/wp-json\/wp\/v2\/users\/55"}],"replies":[{"embeddable":true,"href":"https:\/\/www.javacodegeeks.com\/wp-json\/wp\/v2\/comments?post=86250"}],"version-history":[{"count":0,"href":"https:\/\/www.javacodegeeks.com\/wp-json\/wp\/v2\/posts\/86250\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.javacodegeeks.com\/wp-json\/wp\/v2\/media\/112"}],"wp:attachment":[{"href":"https:\/\/www.javacodegeeks.com\/wp-json\/wp\/v2\/media?parent=86250"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.javacodegeeks.com\/wp-json\/wp\/v2\/categories?post=86250"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.javacodegeeks.com\/wp-json\/wp\/v2\/tags?post=86250"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}